2012-07-06 Lucas Forschler
Merge 116381
2012-06-28 Lucas Forschler
Merge 117502
2012-05-17 Beth Dakin
https://bugs.webkit.org/show_bug.cgi?id=86266
r112643/r116697 break Webview form input fields
-and corresponding-
Reviewed by Dan Bernstein.
There is a recent history of changes in this area that seem worth documenting.
First was the change to switch to using NSTextFieldCell to draw text fields:
http://trac.webkit.org/changeset/104240
That led to problems because of the clear background that I thought at the time
were specific to MountainLion. To fix that, I made this change:
http://trac.webkit.org/changeset/110480
But that change resulted in styled text fields getting an un-themed border, which
led to this change on the branch: http://trac.webkit.org/changeset/112643 and a
change on TOT that was identical for Lion and SnowLeopard but introduced new
behavior for MountainLion: http://trac.webkit.org/changeset/116697
And that brings us to this bug, where it turns out the clear background is a
problem on Lion and SnowLeopard too. This patch fixes the bug by using the
original WebCoreSystemInterface function to paint all text fields on Lion and
SnowLeopard that are styled. This is what we used to paint all text fields before
r104240, which is the first change listed above. Un-styled text fields will still
use NSTextFieldCell on these platforms, but with a hardcoded white background.
* rendering/RenderThemeMac.h:
(RenderThemeMac):
* rendering/RenderThemeMac.mm:
(WebCore::RenderThemeMac::paintTextField):
(WebCore::RenderThemeMac::textField):
2012-05-30 Lucas Forschler
Merge 108550
2012-02-22 Anders Carlsson
Crash when marking cached pages for full style recalc
https://bugs.webkit.org/show_bug.cgi?id=79276
Reviewed by Beth Dakin.
Guard against a null history item.
* history/BackForwardController.cpp:
(WebCore::BackForwardController::markPagesForFullStyleRecalc):
2012-04-17 Lucas Forschler
Merge 109480
2012-03-01 Kent Tamura
REGRESSION(r106388): Form state is restored to a wrong document.
https://bugs.webkit.org/show_bug.cgi?id=79206
Reviewed by Brady Eidson.
In some cases, the URL of the current HistoryItem and the document
URL are mismatched.
A form state should be restored only if the document was loaded
with a HistoryItem and the document is not loaded as a
redirection.
Test: fast/loader/form-state-restore-with-locked-back-forward-list.html
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::checkCompleted): Clear m_requestedHistoryItem.
(WebCore::FrameLoader::loadItem):
Save the requested HistoryItem for didLoadWithLodItem().
* loader/FrameLoader.h:
(WebCore::FrameLoader::requestedHistoryItem):
Added. Accessor for m_requestedHistoryItem.
* loader/HistoryController.cpp:
(WebCore::HistoryController::restoreDocumentState):
Restore a form state only if the current document was loaded with
FrameLoader::loadItem() and not redirection.
2012-04-12 Lucas Forschler
Merge 113415
2012-04-05 Adele Peterson
https://bugs.webkit.org/show_bug.cgi?id=74129
REGRESSION (SnowLeopard, 5.1.4): All WK2 horizontal scrollbars look broken
Patch by Dan Bernstein, Reviewed by Beth Dakin.
This code assumed that the current CTM wouldn't have extraneous operations built into it,
but this bug is evidence that that assumption was wrong. We should just get the base CTM instead
and apply the device scale factor to it.
No tests added since the SnowLeopard-style scrollbars aren't testable in our regression tests right now.
* platform/graphics/GraphicsContext.cpp:
(WebCore::GraphicsContext::platformApplyDeviceScaleFactor):
(WebCore::GraphicsContext::applyDeviceScaleFactor):
* platform/graphics/GraphicsContext.h:
(GraphicsContext):
* platform/graphics/cg/GraphicsContextCG.cpp:
(WebCore::GraphicsContext::platformApplyDeviceScaleFactor):
2012-04-17 Lucas Forschler
Merge 111977
2012-03-23 Stephanie Lewis
https://bugs.webkit.org/show_bug.cgi?id=81963
WebProcess can get stuck in GC during many low memory signals.
WebProcess appears to get stuck in its GC handler (81963).
Remove the call to garbage collect in low memory signal handler. Did some testing with hitting the low memory handler
during Membuster and we would get back at most 100k - 200k. That isn't enough to help the system, and in
that state the GC collection can take a substantial amount of time.
Reviewed by Geoff Garen.
Performance Change, no change in behavior.
* platform/mac/MemoryPressureHandlerMac.mm:
(WebCore::MemoryPressureHandler::releaseMemory):
2012-04-17 Lucas Forschler
Merge 113528
2012-04-06 Oliver Hunt
Accessing the returnValue of a modal dialog should be performed directly on the global object.
https://bugs.webkit.org/show_bug.cgi?id=83414
Reviewed by Gavin Barraclough.
Presumably during the mass-devirtualising of JSObject, this deliberate use of
the GlobalObject's property lookup logic directly was replaced with a dynamic
call. That results in the DOMWindow filtering out the lookup. This regression
was masked by r93567.
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::DialogHandler::returnValue):
2012-04-16 Lucas Forschler
Merge 111108
2012-03-16 Dmitry Titov
HTMLFrameElementBase::m_remainsAliveOnRemovalFromTree can be cleared without unloading the frame.
https://bugs.webkit.org/show_bug.cgi?id=80766
Reviewed by Adam Barth.
* html/HTMLFrameElementBase.cpp:
(WebCore::HTMLFrameElementBase::insertedIntoDocument):
(WebCore::HTMLFrameElementBase::setRemainsAliveOnRemovalFromTree):
If adoptNode() is called on a detached iframe or with a detached document,
unload the iframe to avoid a live iframe hanging around without being attached to
a document.
2012-04-17 Lucas Forschler
Merge 112023
2012-03-24 Jeffrey Pfau
XML error document creation should not fire mutation events
https://bugs.webkit.org/show_bug.cgi?id=80765
Reviewed by Adam Barth.
Broke two tests that expected the old behavior, which have now been updated.
* xml/XMLErrors.cpp:
(WebCore::createXHTMLParserErrorHeader):
(WebCore::XMLErrors::insertErrorMessageBlock):
2012-04-16 Lucas Forschler
Merge 110150
2012-03-07 Adam Barth
ContainerNode::insertedIntoDocument and removedFromDocument use weak iteration patterns
https://bugs.webkit.org/show_bug.cgi?id=80569
Reviewed by Ryosuke Niwa.
This patch moves ContainerNode::insertedIntoDocument and
removedFromDocument to using a better iteration pattern in which we
collect all the nodes we're planning to iterate into a vector and then
iterate over them.
* dom/ContainerNode.cpp:
(WebCore::ContainerNode::insertedIntoDocument):
(WebCore::ContainerNode::removedFromDocument):
2012-04-16 Lucas Forschler
Merge 110139
2012-03-07 Adam Barth
ContainerNode::willRemove uses a weak iteration pattern
https://bugs.webkit.org/show_bug.cgi?id=80530
Reviewed by Ryosuke Niwa.
This patch moves ContainerNode::willRemove to using a better iteration
pattern in which we collect all the nodes we're planning to iterate
into a vector and then iterate over them.
* dom/ContainerNode.cpp:
(WebCore::ContainerNode::willRemove):
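The iteration pattern named in the two ContainerNode entries above (r110150 and r110139), as an added example that is not WebKit code and not part of the original ChangeLog. Node, Tree, notifyLive and notifySnapshot are hypothetical names, and std::shared_ptr stands in for the engine's reference-counted pointers.

```cpp
// Added example: live vs. snapshot iteration over a child list that callbacks may edit.
#include <algorithm>
#include <cstddef>
#include <functional>
#include <iostream>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Toy stand-in for a DOM container node (constructed for this example).
struct Node {
    explicit Node(std::string n) : name(std::move(n)) {}
    std::string name;
    Node* parent = nullptr;
    bool inDocument = false;
    std::vector<std::shared_ptr<Node>> children;
    std::function<void()> onInserted; // models side effects run during notification
};

struct Tree { std::shared_ptr<Node> root, a, b, c; };

void appendChild(Node& parent, const std::shared_ptr<Node>& child) {
    child->parent = &parent;
    parent.children.push_back(child);
}

void removeChild(Node& parent, Node& child) {
    auto it = std::find_if(parent.children.begin(), parent.children.end(),
        [&child](const std::shared_ptr<Node>& c) { return c.get() == &child; });
    if (it == parent.children.end())
        return;
    child.parent = nullptr;
    parent.children.erase(it);
}

// Build root -> [a, b, c].
Tree makeTree() {
    Tree t{std::make_shared<Node>("root"), std::make_shared<Node>("a"),
           std::make_shared<Node>("b"), std::make_shared<Node>("c")};
    appendChild(*t.root, t.a);
    appendChild(*t.root, t.b);
    appendChild(*t.root, t.c);
    return t;
}

// Make `remover` detach `victim` from the root while `remover` is being notified.
void removeDuringCallback(Tree& t, Node& remover, Node& victim) {
    Node* root = t.root.get();
    Node* v = &victim;
    remover.onInserted = [root, v] { removeChild(*root, *v); };
}

static void notify(Node& node, std::vector<std::string>& log) {
    node.inDocument = true;
    log.push_back(node.name);
    if (node.onInserted)
        node.onInserted(); // may add or remove siblings
}

// Fragile: walks the live list, so a callback that edits the list changes what
// the loop sees. Removing an earlier sibling shifts later ones past the cursor.
std::vector<std::string> notifyLive(Node& parent) {
    std::vector<std::string> log;
    for (std::size_t i = 0; i < parent.children.size(); ++i) {
        std::shared_ptr<Node> child = parent.children[i]; // keep alive during callback
        notify(*child, log);
    }
    return log;
}

// Snapshot pattern: collect the children first, holding a reference to each,
// then iterate the private copy and re-check membership before each call.
std::vector<std::string> notifySnapshot(Node& parent) {
    std::vector<std::string> log;
    std::vector<std::shared_ptr<Node>> snapshot = parent.children;
    for (const auto& child : snapshot) {
        if (child->parent != &parent)
            continue; // detached by an earlier callback; the snapshot keeps it alive
        notify(*child, log);
    }
    return log;
}

int main() {
    Tree live = makeTree();
    removeDuringCallback(live, *live.b, *live.a);
    Tree snap = makeTree();
    removeDuringCallback(snap, *snap.b, *snap.a);
    std::cout << "live notified " << notifyLive(*live.root).size()
              << ", snapshot notified " << notifySnapshot(*snap.root).size() << "\n";
    return 0;
}
```

The membership re-check is what keeps the snapshot loop from notifying a node that an earlier callback already detached.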
2012-04-17 Lucas Forschler
Merging to the correct branch.
2012-04-13 David Harrison
Reviewed by Darin Adler.
Meringue: 11A390: CrashTracer: 56,187 crashes in WebProcess at com.apple.WebCore: WebCore::DocumentWriter::deprecatedFrameEncoding const + 12 (71828)
No new tests because this change is going only on the Safari Nectarine branch, not TOT.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::addExtraFieldsToRequest):
Nil check the activeDocumentLoader().
2012-03-29 Beth Dakin
Reviewed by Dan Bernstein.
Branch: Shadow inside text field is blurry/blocky in
HiDPI
This patch merges the following changes to the branch:
http://trac.webkit.org/changeset/97032
http://trac.webkit.org/changeset/98520
This patch also adds branch-specific code that makes it so the regression tracked
by only affects the branch in HiDPI mode.
Essentially, this is a workaround for . With this
workaround, when the deviceScaleFactor is 1, we have an old-school gradient bezel
in text fields whether they are styled or not. This is good and matches shipping
Safari. When the deviceScaleFactor is greater than 1, text fields will have newer,
AppKit-matching gradients that look much more appropriate at the higher
resolutions. However, if the text field is styled in any way, we'll revert to the
old-school bezel, which doesn't look great in HiDPI, but it looks better than the
CSS border, which is the only alternative until 11150452 is resolved.
This is the merging of the changes listed above.
* platform/mac/ThemeMac.mm:
(WebCore::ThemeMac::ensuredView):
* rendering/RenderThemeMac.mm:
(WebCore::RenderThemeMac::paintSliderThumb):
isControlStyled() should treat text fields like it used to in order to avoid the
regression tracked by 11115221.
* rendering/RenderThemeMac.h:
* rendering/RenderThemeMac.mm:
(WebCore::RenderThemeMac::isControlStyled):
Use the old gradient always unless we are an unstyled text field in HiDPI.
(WebCore::RenderThemeMac::paintTextField):
(WebCore::RenderThemeMac::textField):
2012-03-16 Lucas Forschler
Merge 107102
2012-02-08 Anders Carlsson
Fix assertion in svg/dom/SVGStyledElement-pendingResource-crash.html
https://bugs.webkit.org/show_bug.cgi?id=78126
Reviewed by Dan Bernstein.
This broke in r106977 when I tried to change an early return into an ASSERT,
so let's bring back the early return.
* page/FrameView.cpp:
(WebCore::FrameView::notifyPageThatContentAreaWillPaint):
2012-03-16 Lucas Forschler
Merge 106977
2012-02-06 Anders Carlsson
ScrollableAreaSet should be moved from Page to FrameView
https://bugs.webkit.org/show_bug.cgi?id=62762
Reviewed by Beth Dakin.
It makes more sense for the set of scrollable areas to be per frame view instead of per page;
scrollable areas are associated with a containing frame view and their lifecycle follows the lifecycle of the
frame view much more closely. This could even fix a bunch of crashes where a scrollable area outlived its containing page.
* WebCore.exp.in:
Replace the Page member functions with FrameView member functions instead.
* page/EventHandler.cpp:
(WebCore::EventHandler::mouseMoved):
Check if the frame view contains the given layer.
(WebCore::EventHandler::updateMouseEventTargetNode):
Ditto.
* page/FocusController.cpp:
(WebCore::contentAreaDidShowOrHide):
Add helper function.
(WebCore::FocusController::setContainingWindowIsVisible):
Call contentAreaDidShowOrHide for the main frame view, and for all scrollable areas
inside all subframe views.
* page/FrameView.cpp:
(WebCore::FrameView::FrameView):
Use early returns to make the code more clear. Also, don't add the scrollable area to the set here.
(WebCore::FrameView::~FrameView):
Don't remove the scrollable area here.
(WebCore::FrameView::zoomAnimatorTransformChanged):
m_page is gone so use m_frame->page() instead.
(WebCore::FrameView::setAnimatorsAreActive):
Call ScrollAnimator::setIsActive for all the scrollable areas in this frame view. Previously we used to do
this for all scrollable areas on the page, but since setAnimatorsAreActive will be called for each document,
this will be done implicitly.
(WebCore::FrameView::notifyPageThatContentAreaWillPaint):
Call ScrollableArea::contentDidPaint for this frame view and all its immediate scrollable areas. Previously, we used
to do this for all scrollable areas on the page, but we only need to do it for this frame view.
(WebCore::FrameView::scrollAnimatorEnabled):
Get the page from m_frame since m_page is gone.
(WebCore::FrameView::addScrollableArea):
(WebCore::FrameView::removeScrollableArea):
(WebCore::FrameView::containsScrollableArea):
Move these member functions here from Page.
(WebCore::FrameView::addChild):
If we are adding a frame view, add it to the scrollable area set.
(WebCore::FrameView::removeChild):
If we are removing a frame view, remove it from the scrollable area set.
* page/FrameView.h:
Move the member function declarations and the scrollable area set member variable here from Page.
* page/Page.cpp:
(WebCore::Page::~Page):
Don't call disconnectPage on the scrollable areas anymore.
* platform/ScrollView.h:
(ScrollView):
Make addChild and removeChild virtual.
* platform/ScrollableArea.h:
Remove disconnectFromPage.
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::RenderLayer):
(WebCore::RenderLayer::~RenderLayer):
(WebCore::RenderLayer::styleChanged):
The frame view now keeps track of the scrollable areas.
* rendering/RenderLayer.h:
Remove the page member variable and disconnectFromPage.
* rendering/RenderListBox.cpp:
(WebCore::RenderListBox::RenderListBox):
(WebCore::RenderListBox::~RenderListBox):
The frame view now keeps track of the scrollable areas.
* rendering/RenderListBox.h:
Remove the page member variable and disconnectFromPage.
2012-03-14 Lucas Forschler
Merge 110196
2012-03-08 Dan Bernstein
Dashboard regions should not be in device space
Reviewed by John Sullivan.
Test: TestWebKitAPI/Tests/mac/DeviceScaleFactorInDashboardRegions.mm
* rendering/RenderInline.cpp:
(WebCore::RenderInline::addDashboardRegions): Stop applying the device scale factor to
Dashboard regions.
* rendering/RenderObject.cpp:
(WebCore::RenderObject::addDashboardRegions): Ditto.
2012-03-14 Lucas Forschler
Merge 110480
2012-03-12 Beth Dakin
https://bugs.webkit.org/show_bug.cgi?id=80888
Clear background for NSTextFieldCell is unreliable and not necessary
-and corresponding-
Reviewed by Dan Bernstein.
With http://trac.webkit.org/changeset/104240 I thought it was necessary to
make NSTextFieldCells draw with a clear background in order to allow styled
text fields. That is not actually necessary; we just had a different bug
where isControlStyled() was only checking for styled borders on text fields.
Text fields can also be styled with backgrounds, so they need the full check.
* rendering/RenderThemeMac.mm:
(WebCore::RenderThemeMac::isControlStyled):
(WebCore::RenderThemeMac::textField):
2012-03-14 Lucas Forschler
Merge 104240
2012-01-05 Beth Dakin
https://bugs.webkit.org/show_bug.cgi?id=75654
Text fields should draw using NSTextFieldCell instead of WebKitSystemInterface
Reviewed by John Sullivan.
This change should not have any effect on tests or real web sites. It just changed
the implementation under the hood to the more modern NSCell approach.
* rendering/RenderThemeMac.h:
* rendering/RenderThemeMac.mm:
(WebCore::RenderThemeMac::paintTextField):
(WebCore::RenderThemeMac::textField):
2012-03-07 Lucas Forschler
Merge 109594
2012-03-02 Maciej Stachowiak
REGRESSION(r97353): Crash when accessing location or history properties inside a navigated window
https://bugs.webkit.org/show_bug.cgi?id=80133
Reviewed by Antti Koivisto.
Test: fast/dom/Window/navigated-window-properties.html
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore): Remove custom getters for window.location and window.history; they
were unnecessary and did the wrong thing when DOMWindow returned null values
for these.
* page/DOMWindow.idl: ditto
* bindings/js/JSDOMBinding.cpp:
(WebCore::reportException): Remove assert about null values and update comment,
since this is now an expected state for navigated inner windows.
2011-02-17 Lucas Forschler
Merge 107966
2012-02-15 Mark Rowe
NPN_GetValueForURL / NPNURLVProxy returns DIRECT when proxy configured via PAC
Reviewed by Anders Carlsson.
* platform/network/cf/ProxyServerCFNet.cpp:
(WebCore::proxyAutoConfigurationResultCallback): Stop the runloop, and then process
the results that we received.
(WebCore::processProxyServers): Processing of array of proxy configuration information
moved from addProxyServersForURL. Handling of proxy auto-configuration URLs is now handled
by calling CFNetworkExecuteProxyAutoConfigurationURL and waiting synchronously on the result
callback. Doing this synchronously is not great, but it's the best we can do without a lot
of restructuring of the code that calls this. We arbitrarily time out the execution after five
seconds to avoid permanently hanging.
(WebCore::addProxyServersForURL): Call in to our helper function.
2011-02-13 Lucas Forschler
Merge 106388
2012-01-31 Jon Lee
Hidden form elements do not save their state prior to form submission
https://bugs.webkit.org/show_bug.cgi?id=77391
Reviewed by Brady Eidson.
Test: fast/forms/state-restore-hidden.html
* html/HiddenInputType.cpp: Teach hidden inputs to save and restore their state.
(WebCore::HiddenInputType::saveFormControlState):
(WebCore::HiddenInputType::restoreFormControlState):
* html/HiddenInputType.h:
(HiddenInputType):
2011-02-07 Lucas Forschler
Merge 106982
2012-02-07 Brady Eidson
https://bugs.webkit.org/show_bug.cgi?id=78003
WebKit associates credentials with the wrong site if the authentication challenge takes place after a redirect chain
Reviewed by Alexey Proskuryakov.
Test: http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials.html
Associate the credential with the URL of the challenge itself, not the original request:
* platform/network/cf/ResourceHandleCFNet.cpp:
(WebCore::ResourceHandle::didReceiveAuthenticationChallenge):
(WebCore::ResourceHandle::receivedCredential):
* platform/network/mac/ResourceHandleMac.mm:
(WebCore::ResourceHandle::didReceiveAuthenticationChallenge):
(WebCore::ResourceHandle::receivedCredential):
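Why the key matters for the r106982 entry above, as an added example that is not WebKit code and not part of the original ChangeLog. CredentialStore, KeyBy and receivedCredential here are hypothetical, the store is assumed to be keyed by origin, and the URLs and credential are constructed.

```cpp
// Added example: which URL a credential is filed under after a redirect chain.
#include <cstddef>
#include <iostream>
#include <map>
#include <string>
#include <vector>

// Origin ("scheme://host[:port]") of an absolute URL. The toy store below is
// keyed by origin; that keying is an assumption of this example.
std::string originOf(const std::string& url) {
    std::size_t schemeEnd = url.find("://");
    if (schemeEnd == std::string::npos)
        return std::string();
    return url.substr(0, url.find('/', schemeEnd + 3));
}

class CredentialStore {
public:
    void set(const std::string& url, const std::string& credential) {
        m_byOrigin[originOf(url)] = credential;
    }
    // Credential that would be attached to a later request, or "" if none.
    std::string get(const std::string& url) const {
        auto it = m_byOrigin.find(originOf(url));
        return it == m_byOrigin.end() ? std::string() : it->second;
    }
private:
    std::map<std::string, std::string> m_byOrigin;
};

enum class KeyBy { OriginalRequest, ChallengeUrl };

// A load that followed redirects: front() is the URL first requested,
// back() is the URL whose response carried the authentication challenge.
using RedirectChain = std::vector<std::string>;

// Called when the user answers the challenge. Returns false for an empty chain.
bool receivedCredential(CredentialStore& store, const RedirectChain& chain,
                        const std::string& credential, KeyBy policy) {
    if (chain.empty())
        return false;
    const std::string& key =
        policy == KeyBy::ChallengeUrl ? chain.back() : chain.front();
    store.set(key, credential);
    return true;
}

// Constructed scenario: news.example redirects to intranet.example, which
// challenges. Returns the credential a later request to `nextUrl` would carry.
std::string credentialOnNextRequest(KeyBy policy, const std::string& nextUrl) {
    const RedirectChain chain = {
        "http://news.example/go?id=1",
        "http://news.example/out",
        "http://intranet.example/report",
    };
    CredentialStore store;
    receivedCredential(store, chain, "alice:constructed-password", policy);
    return store.get(nextUrl);
}

int main() {
    const char* later = "http://news.example/front";
    std::cout << "keyed by original request, sent to news.example: "
              << !credentialOnNextRequest(KeyBy::OriginalRequest, later).empty() << "\n"
              << "keyed by challenge URL, sent to news.example: "
              << !credentialOnNextRequest(KeyBy::ChallengeUrl, later).empty() << "\n";
    return 0;
}
```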
2011-02-06 Lucas Forschler
Merge 106729
2012-02-03 Tim Horton
Canvas-into-canvas drawing should respect backing store scale ratio
https://bugs.webkit.org/show_bug.cgi?id=77784
Reviewed by Dan Bernstein.
Respect the backing store scale ratio when drawing a canvas into another
canvas via ctx.drawImage(canvas, x, y). Previous behavior caused canvas
drawing to differ based on the size of the backing store, which is ideally
an implementation detail to authors.
Also, rename the source canvas arguments to CanvasRenderingContext2D::drawImage
to be more clear.
No new tests.
* html/canvas/CanvasRenderingContext2D.cpp:
(WebCore::CanvasRenderingContext2D::drawImage):
2011-02-06 Lucas Forschler
Merge 104356
2012-01-06 Tim Horton
[cg] userSpaceOnUse SVG Patterns have the wrong origin
https://bugs.webkit.org/show_bug.cgi?id=75741
Reviewed by Simon Fraser.
The transformation from pattern space to user space should use the userToBase CTM,
not the current CTM.
Test: svg/custom/pattern-userSpaceOnUse-userToBaseTransform.xhtml
* platform/graphics/cg/GraphicsContextCG.cpp:
(WebCore::GraphicsContext::applyStrokePattern):
(WebCore::GraphicsContext::applyFillPattern):
(WebCore::GraphicsContext::getCTM):
* platform/graphics/cg/TransformationMatrixCG.cpp:
(WebCore::AffineTransform::AffineTransform): Add an AffineTransform(CGAffineTransform) constructor
* platform/graphics/transforms/AffineTransform.h:
2011-02-06 Lucas Forschler
Merge 106678
2012-02-03 Beth Dakin
https://bugs.webkit.org/show_bug.cgi?id=77691
Fix PlatformScreen layering violation and PlatformScreenMac's incorrect use
of device scale
Reviewed by Andy Estes.
Make screenAvailableRect() and screenRect() take a Widget again instead of a
FrameView since taking a FrameView is a layering violation.
* WebCore.exp.in:
* platform/PlatformScreen.h:
(WebCore):
* platform/blackberry/PlatformScreenBlackBerry.cpp:
(WebCore::screenAvailableRect):
(WebCore::screenRect):
* platform/chromium/PlatformScreenChromium.cpp:
(WebCore::screenRect):
(WebCore::screenAvailableRect):
* platform/chromium/PlatformSupport.h:
(WebCore):
(PlatformSupport):
* platform/efl/PlatformScreenEfl.cpp:
(WebCore::screenRect):
(WebCore::screenAvailableRect):
* platform/gtk/PlatformScreenGtk.cpp:
(WebCore::screenRect):
(WebCore::screenAvailableRect):
* platform/qt/PlatformScreenQt.cpp:
(WebCore::screenRect):
(WebCore::screenAvailableRect):
* platform/win/PlatformScreenWin.cpp:
(WebCore::screenRect):
(WebCore::screenAvailableRect):
* platform/wx/ScreenWx.cpp:
(WebCore::screenRect):
(WebCore::screenAvailableRect):
It's wrong for the deviceScaleFactor to be taken into consideration here at
all.
* platform/mac/PlatformScreenMac.mm:
(WebCore::screenRect):
(WebCore::screenAvailableRect):
(WebCore::toUserSpace):
(WebCore::toDeviceSpace):
2011-02-01 Lucas Forschler
Merge 106286
2012-01-30 Beth Dakin
Speculative 32-bit build-fix.
* WebCore.exp.in:
2011-02-01 Lucas Forschler
Merge 106271
2012-01-30 Beth Dakin
https://bugs.webkit.org/show_bug.cgi?id=77263
PlatformScreenMac should not rely on NSWindow for important bits of data
Reviewed by Geoff Garen.
The main problem is that we cannot rely on the NSWindow for information about
the deviceScaleFactor because we cannot access an NSWindow from within
WebCore for WebKit2 windows. Instead, we can fetch it from
WebCore::deviceScaleFactor(), but we need a Frame to call that. So
screenAvailableRect and screenRect both now take a FrameView* instead of a
Widget*. All existing call sites actually sent a FrameView in anyway, so this
is not a big change, but it does require touching a lot of platforms.
* WebCore.exp.in:
* platform/PlatformScreen.h:
(WebCore):
* platform/blackberry/PlatformScreenBlackBerry.cpp:
(WebCore::screenAvailableRect):
(WebCore::screenRect):
* platform/chromium/PlatformScreenChromium.cpp:
(WebCore::screenRect):
(WebCore::screenAvailableRect):
* platform/chromium/PlatformSupport.h:
(WebCore):
(PlatformSupport):
* platform/efl/PlatformScreenEfl.cpp:
(WebCore::screenRect):
(WebCore::screenAvailableRect):
* platform/gtk/PlatformScreenGtk.cpp:
(WebCore::screenRect):
(WebCore::screenAvailableRect):
* platform/qt/PlatformScreenQt.cpp:
(WebCore::screenRect):
(WebCore::screenAvailableRect):
* platform/win/PlatformScreenWin.cpp:
(WebCore::screenRect):
(WebCore::screenAvailableRect):
* platform/wx/ScreenWx.cpp:
(WebCore::screenRect):
(WebCore::screenAvailableRect):
The Mac-only functions toUserSpace() and toDeviceSpace() were also updated to
take a parameter for the deviceScaleFactor.
* platform/mac/PlatformScreenMac.mm:
(WebCore::screenRect):
(WebCore::screenAvailableRect):
(WebCore::toUserSpace):
(WebCore::toDeviceSpace):
2011-01-27 Lucas Forschler
Merge 106130
2012-01-27 Abhishek Arya
Crash in DocumentLoader::detachFromFrame.
https://bugs.webkit.org/show_bug.cgi?id=62764
Reviewed by Brady Eidson.
r105556 didn't fix the crash because canceling the
main resource loader blows away both the current
document loader and frame underneath. Both protectors
are also used in stopLoading() when m_mainResourceLoader->cancel()
is called. Also, tested the fix under ASAN.
* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::detachFromFrame):
2012-01-25 Mark Rowe
Merge r105942.
2012-01-25 Mark Rowe
Build in to an alternate location when USE_STAGING_INSTALL_PATH is set.
Adopt USE_STAGING_INSTALL_PATH
Reviewed by David Kilzer.
* Configurations/WebCore.xcconfig: Define NORMAL_WEBCORE_FRAMEWORKS_DIR, which contains
the path where WebCore is normally installed. Update WEBCORE_FRAMEWORKS_DIR to point to
the staged frameworks directory when USE_STAGING_INSTALL_PATH is set. Define
NORMAL_PRODUCTION_FRAMEWORKS_DIR, which contains the path where our public frameworks
are normally installed. Update PRODUCTION_FRAMEWORKS_DIR to point to the staged frameworks
directory when USE_STAGING_INSTALL_PATH is set. Always set the framework's install name
based on the normal framework location. This prevents an incorrect install name from being
used when installing in to the staged frameworks directory. Look for our other frameworks
in the staged frameworks directory when USE_STAGING_INSTALL_PATH is set.
2011-01-24 Lucas Forschler
Merge 105556
2012-01-20 Brady Eidson
https://bugs.webkit.org/show_bug.cgi?id=62764
Frequent crashes due to null frame below ApplicationCacheHost::scheduleLoadFallbackResourceFromApplicationCache
Reviewed by Sam Weinig.
No way to reproduce without special malloc debugging and that doesn't even reproduce on all platforms. So still no test.
* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::detachFromFrame): Protect m_frame for the duration of this method.
2011-01-18 Lucas Forschler
Merge 95580
2011-09-20 Jochen Eisinger
Invoke CachedResourceLoader::canRequest for all URLs in a redirect chain
https://bugs.webkit.org/show_bug.cgi?id=68279
Reviewed by Adam Barth.
* loader/cache/CachedResourceLoader.h:
* loader/cache/CachedResourceRequest.cpp:
(WebCore::CachedResourceRequest::willSendRequest):
2011-01-18 Lucas Forschler
Merge 89155
paste
2011-01-18 Lucas Forschler
Merge 98935
2011-10-31 Jeremy Apthorp
Fix a crash relating to anonymous block merging in
RenderFullScreen::unwrapRenderer.
https://bugs.webkit.org/show_bug.cgi?id=70705
Reviewed by Simon Fraser.
Test: fullscreen/anonymous-block-merge-crash.html
* rendering/RenderFullScreen.cpp:
(RenderFullScreen::unwrapRenderer):
2011-01-18 Lucas Forschler
Merge 104275
2012-01-05 Kent Tamura
Fix a crash by importing an element of which local name ends with ":input".
https://bugs.webkit.org/show_bug.cgi?id=75103
Reviewed by Ryosuke Niwa.
Test: fast/dom/importNode-confusing-localName.html
* dom/Document.cpp:
(WebCore::Document::importNode): Pass QualifiedName of the source element
to createElement() in order to avoid unnecessary serialization and
parsing of the qualified name.
2011-01-18 Lucas Forschler
Merge 97088
2011-10-10 Jeremy Apthorp
Exiting fullscreen shouldn't crash if the element that was fullscreened
had associated anonymous blocks.
https://bugs.webkit.org/show_bug.cgi?id=68503
Reviewed by Simon Fraser.
Test: fullscreen/full-screen-render-inline.html
Test: fullscreen/parent-flow-inline-with-block-child.html
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::moveChildTo):
(WebCore::RenderBlock::moveChildrenTo):
* rendering/RenderBlock.h:
(WebCore::RenderBlock::moveChildTo):
(WebCore::RenderBlock::moveAllChildrenTo):
(WebCore::RenderBlock::moveChildrenTo):
* rendering/RenderFullScreen.cpp:
(RenderFullScreen::unwrapRenderer):
Move all children back to the parent, not just the firstChild.
2011-01-18 Lucas Forschler
Merge 95371
2011-09-16 Jeremy Apthorp and James Kozianski
Don't detach elements from the render tree when entering fullscreen mode
https://bugs.webkit.org/show_bug.cgi?id=66531
This prevents plugin instances from being destroyed and reinstantiated
when entering fullscreen mode.
Reviewed by James Robinson.
Test: plugins/fullscreen-plugins-dont-reload.html
* dom/Document.cpp:
(WebCore::Document::webkitWillEnterFullScreenForElement):
(WebCore::Document::webkitDidExitFullScreenForElement):
* dom/NodeRenderingContext.cpp:
(WebCore::NodeRendererFactory::createRendererIfNeeded):
* rendering/RenderFullScreen.cpp:
(createFullScreenStyle):
(RenderFullScreen::wrapRenderer):
(RenderFullScreen::unwrapRenderer):
* rendering/RenderFullScreen.h:
2011-01-17 Lucas Forschler
Merge 103913 & 103915
2012-01-02 Sam Weinig
Fix the build.
* bindings/scripts/CodeGeneratorJS.pm:
2012-01-02 Sam Weinig
REGRESSION(r100517): We're leaking many, many DOM objects!
https://bugs.webkit.org/show_bug.cgi?id=75451
Reviewed by Mark Rowe.
* bindings/scripts/CodeGeneratorJS.pm:
Add a temporary workaround to the problem of handle finalizers
not getting called by adding back the destructors (or rather
their replacement, destroy() functions).
2011-1-17 Lucas Forschler
Merge 104593
2012-01-10 Brady Eidson
https://bugs.webkit.org/show_bug.cgi?id=62764
Frequent crashes due to null frame below ApplicationCacheHost::scheduleLoadFallbackResourceFromApplicationCache
Reviewed by Maciej Stachowiak.
This is a non-reproducible high volume crash, so no test :(.
* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::stopLoading): Don't re-run actual "stop loading" logic if the document loader is already
stopping loading. Also add an ASSERT that might catch cases where new loads may have been started while old loads
were being stopped.
(WebCore::DocumentLoader::detachFromFrame): Be conservative and stop loading when we detach a document loader from a frame.
2011-1-17 Lucas Forschler
Merge 97303
2011-10-12 Chris Fleizach
AX: CrashTracer: [USER] 296 crashes in WebProcess at com.apple.WebCore: WebCore::AccessibilityScrollbar::document const + 29
https://bugs.webkit.org/show_bug.cgi?id=69936
AX Scrollbars have a weak pointer to their parent. They need to become AccessibilityMockObjects, so that they can
participate in the detachFromParent() methods that happen when those parents go away.
Could not reproduce the crash, but the backtrace is unequivocal.
Reviewed by Darin Adler.
* accessibility/AccessibilityScrollView.cpp:
(WebCore::AccessibilityScrollView::removeChildScrollbar):
* accessibility/AccessibilityScrollbar.cpp:
(WebCore::AccessibilityScrollbar::AccessibilityScrollbar):
* accessibility/AccessibilityScrollbar.h:
(WebCore::AccessibilityScrollbar::scrollbar):
(WebCore::AccessibilityScrollbar::isAccessibilityScrollbar):
2011-1-17 Lucas Forschler
Merge 96973
2011-10-07 Chris Fleizach
Bug 69562 - AccessibilityImageMapLink holds onto its parent even after it's been freed
https://bugs.webkit.org/show_bug.cgi?id=69562
Some fake objects, like AXImageMapLink, have weak references to their parents (since they are fake objects and
need some connection to the parent). However, if the parent disappears before the child, then we're left with an
out-of-date reference to that parent.
The fix is to allow these elements to clear their parentage when the parent goes away.
Reviewed by Darin Adler.
Test: accessibility/image-map-update-parent-crash.html
* accessibility/AccessibilityMenuListOption.cpp:
(WebCore::AccessibilityMenuListOption::isVisible):
* accessibility/AccessibilityMenuListPopup.cpp:
(WebCore::AccessibilityMenuListPopup::isOffScreen):
(WebCore::AccessibilityMenuListPopup::isEnabled):
(WebCore::AccessibilityMenuListPopup::press):
(WebCore::AccessibilityMenuListPopup::addChildren):
(WebCore::AccessibilityMenuListPopup::childrenChanged):
* accessibility/AccessibilityMockObject.h:
(WebCore::AccessibilityMockObject::detachFromParent):
* accessibility/AccessibilityObject.cpp:
(WebCore::AccessibilityObject::clearChildren):
* accessibility/AccessibilityObject.h:
(WebCore::AccessibilityObject::detachFromParent):
* accessibility/AccessibilitySlider.cpp:
(WebCore::AccessibilitySliderThumb::elementRect):
* accessibility/AccessibilityTableColumn.cpp:
(WebCore::AccessibilityTableColumn::headerObjectForSection):
2012-01-17 Mark Rowe
Merge r99649.
2011-11-08 Chris Evans
Crash accessing font face rule parent
https://bugs.webkit.org/show_bug.cgi?id=71860
Reviewed by Adam Barth.
Test: fast/css/css-fontface-rule-crash.html
* css/CSSFontFaceRule.cpp:
(WebCore::CSSFontFaceRule::~CSSFontFaceRule): tell our child rule when we are going away.
2012-01-17 Mark Rowe
Merge r99982.
2011-11-11 Gavin Peters
Protect Document during error responses
https://bugs.webkit.org/show_bug.cgi?id=72068
Add a Document protector to the error response code handler, just
as exists for other ends of requests.
Reviewed by Nate Chapin.
Test: http/tests/misc/xslt-bad-import.html
* loader/cache/CachedResourceRequest.cpp:
(WebCore::CachedResourceRequest::didReceiveData):
2011-1-17 Lucas Forschler
Merge 96966
2011-10-07 Chris Fleizach
AX: re-organize fake elements to use new AccessibilityMockObject
https://bugs.webkit.org/show_bug.cgi?id=69588
This adds an AccessibilityMockObject for "fake" elements to descend from.
Its benefit is to consolidate the various ways that these fake elements are setting
and returning their parent objects.
No functional change, hence no new tests.
Reviewed by Jon Honeycutt.
* CMakeLists.txt:
* GNUmakefile.list.am:
* WebCore.gypi:
* WebCore.pro:
* WebCore.vcproj/WebCore.vcproj:
* WebCore.xcodeproj/project.pbxproj:
* accessibility/AccessibilityARIAGrid.cpp:
(WebCore::AccessibilityARIAGrid::addChildren):
* accessibility/AccessibilityImageMapLink.cpp:
(WebCore::AccessibilityImageMapLink::AccessibilityImageMapLink):
* accessibility/AccessibilityImageMapLink.h:
(WebCore::AccessibilityImageMapLink::node):
* accessibility/AccessibilityMenuList.cpp:
(WebCore::AccessibilityMenuList::addChildren):
* accessibility/AccessibilityMenuList.h:
(WebCore::toAccessibilityMenuList):
* accessibility/AccessibilityMenuListOption.cpp:
(WebCore::AccessibilityMenuListOption::AccessibilityMenuListOption):
(WebCore::AccessibilityMenuListOption::isVisible):
* accessibility/AccessibilityMenuListOption.h:
* accessibility/AccessibilityMenuListPopup.cpp:
(WebCore::AccessibilityMenuListPopup::AccessibilityMenuListPopup):
(WebCore::AccessibilityMenuListPopup::isOffScreen):
(WebCore::AccessibilityMenuListPopup::isEnabled):
(WebCore::AccessibilityMenuListPopup::menuListOptionAccessibilityObject):
(WebCore::AccessibilityMenuListPopup::press):
(WebCore::AccessibilityMenuListPopup::addChildren):
(WebCore::AccessibilityMenuListPopup::childrenChanged):
(WebCore::AccessibilityMenuListPopup::didUpdateActiveOption):
* accessibility/AccessibilityMenuListPopup.h:
* accessibility/AccessibilityMockObject.cpp: Added.
(WebCore::AccessibilityMockObject::AccessibilityMockObject):
(WebCore::AccessibilityMockObject::~AccessibilityMockObject):
* accessibility/AccessibilityMockObject.h: Added.
(WebCore::AccessibilityMockObject::parentObject):
(WebCore::AccessibilityMockObject::setParent):
(WebCore::AccessibilityMockObject::detachFromParent):
* accessibility/AccessibilitySlider.cpp:
(WebCore::AccessibilitySlider::addChildren):
(WebCore::AccessibilitySliderThumb::AccessibilitySliderThumb):
(WebCore::AccessibilitySliderThumb::elementRect):
* accessibility/AccessibilitySlider.h:
* accessibility/AccessibilityTable.cpp:
(WebCore::AccessibilityTable::addChildren):
(WebCore::AccessibilityTable::headerContainer):
* accessibility/AccessibilityTable.h:
(WebCore::toAccessibilityTable):
* accessibility/AccessibilityTableColumn.cpp:
(WebCore::AccessibilityTableColumn::AccessibilityTableColumn):
(WebCore::AccessibilityTableColumn::setParent):
(WebCore::AccessibilityTableColumn::headerObject):
(WebCore::AccessibilityTableColumn::headerObjectForSection):
(WebCore::AccessibilityTableColumn::accessibilityIsIgnored):
(WebCore::AccessibilityTableColumn::addChildren):
* accessibility/AccessibilityTableColumn.h:
* accessibility/AccessibilityTableHeaderContainer.cpp:
(WebCore::AccessibilityTableHeaderContainer::AccessibilityTableHeaderContainer):
(WebCore::AccessibilityTableHeaderContainer::accessibilityIsIgnored):
(WebCore::AccessibilityTableHeaderContainer::addChildren):
* accessibility/AccessibilityTableHeaderContainer.h:
2011-1-17 Lucas Forschler
Merge 91148
2011-07-16 Kulanthaivel Palanichamy
Reviewed by Nikolas Zimmermann.
SVG animation API crashes on SVGAnimateTransform
https://bugs.webkit.org/show_bug.cgi?id=64104
This patch ensures the update in AnimatedTransform list in
SVGAnimateTransformElement.cpp is in sync with its wrapper list.
Test: svg/animations/svgtransform-animation-discrete.html
* svg/SVGAnimateTransformElement.cpp:
(WebCore::animatedTransformListFor):
(WebCore::SVGAnimateTransformElement::resetToBaseValue):
(WebCore::SVGAnimateTransformElement::calculateAnimatedValue):
(WebCore::SVGAnimateTransformElement::applyResultsToTarget):
2012-01-17 Mark Rowe
Merge r94107.
2011-08-30 Abhishek Arya
Removed m_owner accessed in custom scrollbars.
https://bugs.webkit.org/show_bug.cgi?id=64737
Reviewed by David Hyatt.
Problem does not reproduce in DRT, even with Eventhandler tricks
and gc(). So, adding a manual test.
* manual-tests/custom-scrollbar-renderer-removed-crash.html: Added.
* page/FrameView.cpp:
(WebCore::FrameView::clearOwningRendererForCustomScrollbars):
* page/FrameView.h:
* rendering/RenderBox.cpp:
(WebCore::RenderBox::willBeDestroyed): when this renderbox is getting
destroyed, clear the custom scrollbar in this frameview having this renderbox
as its owning renderer.
* rendering/RenderScrollbar.cpp:
(WebCore::RenderScrollbar::getScrollbarPseudoStyle): fix the null check.
2012-01-17 Mark Rowe
Merge r100408.
2011-11-15 Darin Adler
Incorrect type checks in RenderTheme media code
https://bugs.webkit.org/show_bug.cgi?id=72184
Reviewed by Eric Carlson.
No tests added. Ideally this patch should be revised to add tests!
* accessibility/AccessibilityMediaControls.cpp:
(WebCore::AccessibilityMediaControl::create): Use mediaControlElementType.
(WebCore::AccessibilityMediaControl::controlType): Ditto.
(WebCore::AccessibilityMediaTimeline::valueDescription): Use early return
rather than an assertion to check type of input element.
* html/shadow/MediaControlElements.cpp:
(WebCore::mediaControlElementType): Added. A type-safe way to get the
media control element type after checking isMediaControlElement but with
no other assumptions.
* html/shadow/MediaControlElements.h: Added mediaControlElementType.
* platform/efl/RenderThemeEfl.cpp:
(WebCore::RenderThemeEfl::paintMediaPlayButton): Use mediaControlElementType.
(WebCore::RenderThemeEfl::paintMediaSeekBackButton): Use mediaControlElementType.
(WebCore::RenderThemeEfl::paintMediaSeekForwardButton): Use mediaControlElementType.
* platform/gtk/RenderThemeGtk.cpp:
(WebCore::RenderThemeGtk::paintMediaPlayButton): Check isMediaControlElement and
use mediaControlElementType.
* rendering/RenderThemeMac.mm:
(WebCore::RenderThemeMac::paintMediaMuteButton): Ditto. Also remove unneeded
redundant null check.
(WebCore::RenderThemeMac::paintMediaPlayButton): Ditto.
(WebCore::RenderThemeMac::paintMediaToggleClosedCaptionsButton): Ditto.
2012-01-17 Mark Rowe
Merge r101543.
2011-11-30 James Simonsen
Fix valgrind issue in SubresourceLoader::didFinishLoading
https://bugs.webkit.org/show_bug.cgi?id=72787
Hang on to CachedResource until finish() is called.
Reviewed by Nate Chapin.
Test: fast/loader/subresource-load-failed-crash.html (under asan)
* loader/SubresourceLoader.cpp:
(WebCore::SubresourceLoader::didFinishLoading):
(WebCore::SubresourceLoader::didFail):
2012-01-17 Mark Rowe
Merge r103118.
2011-12-16 Tim Horton
Canvas should respect backing store scale ratio when used as drawImage() source
https://bugs.webkit.org/show_bug.cgi?id=74758
Reviewed by Simon Fraser.
Interpret the source rectangle passed into drawImage() when using a Canvas source in the source Canvas coordinate space,
instead of in the backing store coordinate space, without changing the behavior of drawImage(canvas, x, y).
No new tests.
* html/HTMLCanvasElement.cpp:
(WebCore::HTMLCanvasElement::convertDeviceToLogical):
* html/HTMLCanvasElement.h:
* html/canvas/CanvasRenderingContext2D.cpp:
(WebCore::CanvasRenderingContext2D::drawImage):
2012-01-17 Mark Rowe
Merge r104669.
2012-01-10 Jer Noble
Crash in HTMLMediaElement::shouldDisableSleep()
https://bugs.webkit.org/show_bug.cgi?id=76025
Reviewed by Dan Bernstein.
Check nullity of m_player before dereferencing.
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::shouldDisableSleep):
2012-01-17 Mark Rowe
Merge r104619.
2012-01-10 Jer Noble
REGRESSION (r102024): Having the Bing homepage open prevents idle sleep
https://bugs.webkit.org/show_bug.cgi?id=75972
Reviewed by Oliver Hunt.
No new tests; no testing infrastructure exists to test display sleep assertions.
Only disable idle and display sleep when a video element is not paused, not looping, and
has both a video and audio track.
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::mediaPlayerRateChanged): Factor into updateDisableSleep() and
shouldDisplaySleep().
(WebCore::HTMLMediaElement::setLoop): Ditto.
(WebCore::HTMLMediaElement::attributeChanged): Ditto.
(WebCore::HTMLMediaElement::updateDisableSleep):
(WebCore::HTMLMediaElement::shouldDisableSleep):
* html/HTMLMediaElement.h:
2012-01-16 Mark Rowe
Merge r99591.
2011-11-08 Darin Adler
Speculative fix for crashes seen in DocumentWriter::deprecatedFrameEncoding
https://bugs.webkit.org/show_bug.cgi?id=71828
Reviewed by Nate Chapin.
No new tests; not sure how to reproduce this, but crash traces indicate it
is an otherwise-harmless null dereference.
* loader/DocumentWriter.cpp:
(WebCore::DocumentWriter::deprecatedFrameEncoding):
Handle null document the same as a document without a URL.
2012-01-16 Mark Rowe
Merge r103860.
2011-12-31 Dan Bernstein
WebCore change for Cannot print USPS shipping labels
http://webkit.org/b/72801
Reviewed by Anders Carlsson and Alexey Proskuryakov.
* WebCore.exp.in: Exported Chrome::print().
2012-01-16 Mark Rowe
Merge r103858.
2011-12-31 Dan Bernstein
WebCore changes for REGRESSION (WebKit2): Printing a subframe containing a PDF prints the on-screen view instead of the entire PDF document
Reviewed by Alexey Proskuryakov.
* WebCore.exp.in: Exported PluginDocument::pluginWidget().
* WebCore.xcodeproj/project.pbxproj: Promoted PluginDocument.h to private.
* html/PluginDocument.h: Fixed a typo in a comment.
2012-01-16 Mark Rowe
Fix .
* platform/mac/ScrollAnimatorMac.mm:
(WebCore::ScrollAnimatorMac::notityPositionChanged):
2012-01-04 Alexey Proskuryakov
Reviewed by John Sullivan.
Many crashes at DocumentThreadableLoader::cancel
No tests, because we could not reproduce this.
* loader/DocumentThreadableLoader.cpp: (WebCore::DocumentThreadableLoader::cancel): Added
a null check.
2012-01-16 Mark Rowe
Merge r102540.
2011-12-11 Andreas Kling
WK2/NetscapePlugin: Incorrect mouse event coordinates when frameScaleFactor != 1.
Reviewed by Anders Carlsson.
* WebCore.exp.in: Export AffineTransform::scale(double).
2012-01-16 Mark Rowe
Merge r104378.
2012-01-06 Mark Rowe
REGRESSION (r83075): Save as PDF does not generate any links for webkit.org and others
Use RenderObject::hasOutline when determining whether to always create line boxes so that
we take into consideration whether we'll be creating PDF link rects.
Reviewed by Dan Bernstein.
* rendering/RenderInline.cpp:
(WebCore::RenderInline::styleDidChange):
2011-1-16 Lucas Forschler
Merge 91324
2011-07-19 Simon Fraser
REGRESSION (r91136-r91146): 40 tests failing on Windows 7 Release (Tests)
https://bugs.webkit.org/show_bug.cgi?id=64808
Reviewed by Adam Roben.
Initializing m_uncommittedChanges to a non-zero value
caused the first call to noteLayerPropertyChanged() to
not call m_client->notifySyncRequired(). This resulted in
animations never getting committed on Windows, which broke
a lot of tests.
* platform/graphics/ca/GraphicsLayerCA.cpp:
(WebCore::GraphicsLayerCA::GraphicsLayerCA):
2011-1-13 Lucas Forschler
Merge 104352
2012-01-05 Simon Fraser
Avoid falling into tiled layers more often when the device scale factor is > 1
Reviewed by John Sullivan.
Stop taking the device scale factor into account when deciding to make
tiled layers.
Test: compositing/tiled-layers-hidpi.html
* platform/graphics/ca/GraphicsLayerCA.cpp:
(WebCore::GraphicsLayerCA::requiresTiledLayer):
2011-1-13 Lucas Forschler
Merge 104269
2012-01-05 Dan Bernstein
Update copyright strings
Reviewed by Mark Rowe.
* Info.plist:
2012-01-13 Lucas Forschler
Roll-out r99999 (which is 104249 on branch)
* platform/KURL.cpp:
(WebCore::KURL::init):
2011-1-12 Lucas Forschler
Merge 103082
2011-12-15 Alexey Proskuryakov
Poor XPath performance when evaluating an expression that returns a lot of nodes
https://bugs.webkit.org/show_bug.cgi?id=74665
Reviewed by Darin Adler.
No change in functionality. Well covered by existing tests (ran them with zero cutoff to
execute the new code path).
Our sorting function is optimized for small node sets in large documents, and this is the
opposite of it. Added another one that traverses the whole document, adding nodes from the
node set to sorted list. That doesn't grow with the number of nodes nearly as fast.
Cutoff amount chosen for the document referenced in bug - this is roughly where the algorithms
have the same performance on it.
* xml/XPathNodeSet.cpp:
(WebCore::XPath::NodeSet::sort):
(WebCore::XPath::findRootNode):
(WebCore::XPath::NodeSet::traversalSort):
* xml/XPathNodeSet.h:
2011-1-12 Lucas Forschler
Merge 102024
2011-12-02 Jer Noble
elements should disable the system and display sleep when playing on OS X.
https://bugs.webkit.org/show_bug.cgi?id=73730
Reviewed by Alexey Proskuryakov.
No new tests; platform specific system behavior only.
Create a new DisplaySleepDisabler object when the playback rate becomes non-zero, and destroy
that object when the playback rate drops back to zero.
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::mediaPlayerRateChanged):
* html/HTMLMediaElement.h:
2011-1-12 Lucas Forschler
Merge 94338
2011-09-01 Tim Horton
REGRESSION: Rendering artifacts on a rotated, pattern filled SVG shape
https://bugs.webkit.org/show_bug.cgi?id=53055
Reviewed by Simon Fraser.
Make use of wkCGPatternCreateWithImageAndTransform
when tiling patterns in both directions. This helps to avoid
pixel-cracking along pattern tiling boundaries.
Ignore 2D rotation when computing the size of a pattern's tile image,
as it artificially inflates the size of the tile, which can cause
pixel-cracking.
Test: svg/custom/pattern-rotate-gaps.svg
* platform/graphics/cg/PatternCG.cpp:
(WebCore::Pattern::createPlatformPattern):
* rendering/svg/RenderSVGResourcePattern.cpp:
* rendering/svg/SVGImageBufferTools.cpp:
(WebCore::SVGImageBufferTools::roundedImageBufferSize):
* rendering/svg/SVGImageBufferTools.h:
2011-1-12 Lucas Forschler
Merge 94317
2011-09-01 Tim Horton
REGRESSION: Rendering artifacts on a rotated, pattern filled shape
https://bugs.webkit.org/show_bug.cgi?id=53055
Reviewed by Simon Fraser.
Introduce wkCGPatternCreateWithImageAndTransform.
* WebCore.exp.in:
* platform/mac/WebCoreSystemInterface.h:
* platform/mac/WebCoreSystemInterface.mm:
2011-1-11 Lucas Forschler
Merge 91777
2011-07-26 Dan Bernstein
Add a generic pictograph font family
https://bugs.webkit.org/show_bug.cgi?id=65197
Reviewed by Anders Carlsson.
Test: fast/css/font-family-pictograph.html
* WebCore.exp.in: Export Settings::setPictographFontFamily().
* css/CSSComputedStyleDeclaration.cpp:
(WebCore::identifierForFamily): Added -webkit-pictograph.
* css/CSSFontSelector.cpp:
(WebCore::CSSFontSelector::addFontFaceRule): Ditto.
(WebCore::fontDataForGenericFamily): Ditto.
* css/CSSStyleSelector.cpp:
(WebCore::CSSStyleSelector::applyProperty): Ditto.
* css/CSSValueKeywords.in:
* inspector/front-end/CSSKeywordCompletions.js: Ditto.
* inspector/front-end/SourceCSSTokenizer.js: Ditto.
(WebInspector.SourceCSSTokenizer):
* inspector/front-end/SourceCSSTokenizer.re2js: Ditto.
* page/Settings.cpp:
(WebCore::Settings::pictographFontFamily): Added this getter.
(WebCore::Settings::setPictographFontFamily): Added this setter.
* page/Settings.h:
* platform/graphics/FontDescription.h: Added PictographFamily to the GenericFamilyType enum.
2011-1-11 Lucas Forschler
Merge 92005
2011-07-29 Dan Bernstein
Added the regional indicator symbols to the set of codepoints that force use of the complex text code path.
Fixes Regional indicator symbols do not combine into national flags
https://bugs.webkit.org/show_bug.cgi?id=65380
Reviewed by Anders Carlsson.
Test: fast/text/regional-indicator-symobls.html
* platform/graphics/Font.cpp:
(WebCore::Font::codePath): Added handling of surrogate pairs, which returns Complex for characters in
the range U+1F1E6..U+1F1FF.
2011-1-11 Lucas Forschler
Merge 88479
2011-06-09 Julien Chaffraix
Reviewed by Antti Koivisto.
REGRESSION(84329): Stylesheets on some pages do not load
https://bugs.webkit.org/show_bug.cgi?id=61400
Test: fast/css/link-disabled-attr.html
Fixed r84329: the change did not take into account the fact
that HTMLLinkElement did already contain the disabled information
and the 2 pieces of information were not linked as they should have been!
The new logic pushes the information to the stylesheet as this
is what the spec mandates and what FF is doing. Also it keeps
one bit of information (that JS enabled the stylesheet) as it
is needed for the recalcStyleSelector logic.
* dom/Document.cpp:
(WebCore::Document::recalcStyleSelector): s/isDisabled/disabled.
* html/HTMLLinkElement.cpp:
(WebCore::HTMLLinkElement::HTMLLinkElement): Removed m_disabledState,
replaced by m_isEnabledViaScript.
(WebCore::HTMLLinkElement::setDisabled): Updated the logic after
m_disabledState removal. It also matches the spec by forwarding
the disabled state to our stylesheet if we have one.
(WebCore::HTMLLinkElement::parseMappedAttribute): Removed harmful
handling of the disabledAttr.
(WebCore::HTMLLinkElement::process): Updated after m_disabledState removal.
* html/HTMLLinkElement.h:
(WebCore::HTMLLinkElement::isEnabledViaScript): Ditto.
(WebCore::HTMLLinkElement::isAlternate): Ditto.
2011-1-9 Lucas Forschler
Merge 102263
2011-12-07 Ken Buchanan
Crash from multicol spans with layers
https://bugs.webkit.org/show_bug.cgi?id=68030
Reviewed by David Hyatt.
The layer tree diverges from the render tree when a span is being split
between columns. This patch causes the layer tree to be updated when necessary.
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::splitFlow)
(WebCore::RenderBlock::splitBlocks)
2011-1-9 Lucas Forschler
Merge 102016
2011-12-05 Steve Falkenburg
Reviewed by Sam Weinig.
On Windows, filenames not properly preserved when copied into a file list exposed by Event.dataTransfer
https://bugs.webkit.org/show_bug.cgi?id=73841
No test since repro case involves dropping a file onto the WebView.
Calling characters() explicitly causes a non-terminated string buffer to get passed back
to the String() constructor that expects a terminated buffer. The characters() call isn't
necessary at all, since we have a String and the method we're calling expects a String.
* platform/win/ClipboardWin.cpp:
(WebCore::ClipboardWin::files): Remove characters() since it doesn't null terminate.
2011-1-9 Lucas Forschler
Merge 101584
2011-11-30 Ken Buchanan
Crash from first letter text fragments having flows split
https://bugs.webkit.org/show_bug.cgi?id=72759
Reviewed by David Hyatt.
When an inline flow is split that contains a first letter block
and its remaining text, it can prevent the remaining text fragment
from getting updated if the first letter block is replaced. This
patch enables the text fragment to be found and updated properly.
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::updateFirstLetterBlock):
2011-1-6 Lucas Forschler
Merge 101091
2011-11-23 Antti Koivisto
https://bugs.webkit.org/show_bug.cgi?id=72354
Image pointer in FillLayer not cleared correctly
Reviewed by Dan Bernstein.
Test: fast/css/fill-layer-crash.html
We should clear the image pointer too, not just the m_imageSet bit.
* rendering/style/FillLayer.h:
(WebCore::FillLayer::clearImage):
2011-1-9 Lucas Forschler
Merge 100809
2011-11-18 Beth Dakin
Regression: Scroll bars disappear and don't come back
Reviewed by Sam Weinig.
Fixing a merge issue. On TOT we use #if USE(SCROLLBAR_PAINTER), but on the branch
it is still #if USE(WK_SCROLLBAR_PAINTER). Also, on the branch, all of the
m_scrollbarPainterController functions go through WebKitSystemInterface instead of
using forward declaration. We should consider merging those changes, but in the
meantime, for this to work, we have to go back to the branch-style.
* platform/mac/ScrollAnimatorMac.mm:
(WebCore::ScrollAnimatorMac::notityPositionChanged):
2011-1-6 Lucas Forschler
Merge 100677
2011-11-17 Ken Buchanan
Crash from positioned generated content under run-in
https://bugs.webkit.org/show_bug.cgi?id=70456
Reviewed by David Hyatt.
Modified handling of run-in children to clear generated children
before removing the parent from the render tree. This caused problems
with absolute positioned children being not properly removed from the
positioned object list of the RenderView.
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::handleRunInChild):
2011-1-6 Lucas Forschler
Merge 100630
2011-11-17 Ken Buchanan
Crash from nested tables with generated content
https://bugs.webkit.org/show_bug.cgi?id=68811
Reviewed by David Hyatt.
When adding a child to a table that has generated content, this change
ensures that we leave alone any generated content renderers that belong
to descendants in the tree. They don't need to be touched, and doing so
can create confusion about who the content belongs to.
This patch also simplifies some existing code for finding pseudoelement
renderers.
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::addChildIgnoringAnonymousColumnBlocks):
* rendering/RenderObject.cpp:
(WebCore::RenderObject::addChild):
(WebCore::RenderObject::isBeforeAfterContentGeneratedByAncestor): Added
* rendering/RenderObject.h:
(WebCore::RenderObject::findAfterContentRenderer): Deleted
(WebCore::RenderObject::findBeforeContentRenderer): Deleted
* rendering/RenderObjectChildList.cpp:
(WebCore::RenderObjectChildList::beforePseudoElementRenderer):
(WebCore::RenderObjectChildList::afterPseudoElementRenderer):
* rendering/RenderTable.cpp:
(WebCore::RenderTable::addChild):
* rendering/RenderTableRow.cpp:
(WebCore::RenderTableRow::addChild):
* rendering/RenderTableSection.cpp:
(WebCore::RenderTableSection::addChild):
2011-1-6 Lucas Forschler
Merge 100343
2011-11-15 Jessie Berlin
NSURLRequest leak beneath ResourceRequest::setStorageSession seen on Leaks bot.
https://bugs.webkit.org/show_bug.cgi?id=72419
Reviewed by Adam Roben.
Adopt the copied NSURLRequest.
* platform/network/mac/ResourceRequestMac.mm:
(WebCore::ResourceRequest::setStorageSession):
2011-1-5 Lucas Forschler
Merge 100203
2011-11-14 Adam Barth
Don't special-case "data" URLs in drag-and-drop logic
https://bugs.webkit.org/show_bug.cgi?id=72322
Reviewed by Eric Seidel.
See the bug for more details.
Test: editing/pasteboard/drag-drop-to-data-url.html
* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::canReceiveDragData):
2011-1-5 Lucas Forschler
Merge 99999
2011-11-11 David Kilzer
Remove use of strcpy in KURL
Reviewed by Antti Koivisto.
* platform/KURL.cpp:
(WebCore::KURL::init): Replace strcpy() with strncpy().
2011-1-5 Lucas Forschler
Merge 99756
2011-11-09 Ken Buchanan
Indentation error in RenderObject::container
https://bugs.webkit.org/show_bug.cgi?id=64780
Reviewed by Eric Seidel.
A conditional block was indented too far; correcting.
* rendering/RenderObject.cpp:
(WebCore::RenderObject::container):
2011-1-5 Lucas Forschler
Merge 99731
2011-11-09 Ken Buchanan
SVG foreignObject wrong container
https://bugs.webkit.org/show_bug.cgi?id=64780
Reviewed by Simon Fraser.
Resubmitting a patch originally by scottmg@chromium.org.
In determining where to add to m_positionedObjects during a repaint,
containingBlock is used, which adds the absolute positioned object to
the containing foreignObject. But, when the contained object is
dirtied, container() was used to dirty up the tree, which skipped over
the foreignObject causing the wrong parent to needsLayout(). This fix
makes container() and containingBlock() handle svg foreignObject's in
the same way.
This patch will cause svg/overflow/overflow-on-foreignObject.svg to
require rebaselined results on qt and gtk ports.
* rendering/RenderObject.cpp:
(WebCore::RenderObject::container):
2011-1-5 Lucas Forschler
Merge 99579
2011-11-08 Justin Schuh
Document::loader should use documentLoader(), not activeDocumentLoader()
https://bugs.webkit.org/show_bug.cgi?id=65895
Reviewed by Brady Eidson.
Test: fast/loader/stateobjects/replacestate-in-onunload.html
* dom/Document.cpp:
(WebCore::Document::loader):
2011-1-5 Lucas Forschler
Merge 99462
2011-11-07 Ken Buchanan
Crash due to mixed direction text runs
https://bugs.webkit.org/show_bug.cgi?id=66015
Reviewed by David Hyatt.
Test for bug fix.
* fast/text/international/bidi-neutral-in-mixed-direction-run-crash.html: Added
* fast/text/international/bidi-neutral-in-mixed-direction-run-cras-expected.txt: Added
2011-1-5 Lucas Forschler
Merge 99439
2011-11-07 Jessie Berlin
Need a way to allow a scheme access to Local Storage and Databases while Private Browsing is
enabled.
https://bugs.webkit.org/show_bug.cgi?id=71631
Reviewed by Jon Honeycutt.
Check the SchemeRegistry before preventing read/write access to Local Storage and Databases
in Private Browsing.
* WebCore.exp.in:
Export the symbols for registering the schemes as allowing Local Storage and Database access
in Private Browsing.
* dom/Document.cpp:
(WebCore::Document::allowDatabaseAccess):
Check if the scheme allows Database access in Private Browsing.
* platform/SchemeRegistry.cpp:
(WebCore::schemesAllowingLocalStorageAccessInPrivateBrowsing):
(WebCore::schemesAllowingDatabaseAccessInPrivateBrowsing):
(WebCore::SchemeRegistry::registerURLSchemeAsAllowingLocalStorageAccessInPrivateBrowsing):
(WebCore::SchemeRegistry::allowsLocalStorageAccessInPrivateBrowsing):
(WebCore::SchemeRegistry::registerURLSchemeAsAllowingDatabaseAccessInPrivateBrowsing):
(WebCore::SchemeRegistry::allowsDatabaseAccessInPrivateBrowsing):
* platform/SchemeRegistry.h:
* storage/Storage.cpp:
(WebCore::Storage::length):
Ask the storage area if it is disabled by Private Browsing in the frame instead of just
checking if Private Browsing is enabled for that frame because the answer might depend on
what type of storage that storage area is.
(WebCore::Storage::key):
Ditto.
(WebCore::Storage::getItem):
Ditto.
(WebCore::Storage::contains):
Ditto.
* storage/StorageArea.h:
Make it possible to query a StorageArea for whether it is disabled by Private Browsing in a
Frame.
* storage/StorageAreaImpl.cpp:
(WebCore::StorageAreaImpl::disabledByPrivateBrowsingInFrame):
Renamed from privateBrowsingEnabled.
Check not only if Private Browsing is enabled for the Frame, but also if the storage type is
Local Storage and if there is an exception for the scheme of the resource currently loaded
into the Frame.
(WebCore::StorageAreaImpl::setItem):
Renamed privateBrowsingEnabled -> disabledByPrivateBrowsingInFrame.
(WebCore::StorageAreaImpl::removeItem):
Ditto.
(WebCore::StorageAreaImpl::clear):
Ditto.
* storage/StorageAreaImpl.h:
2011-1-5 Lucas Forschler
Merge 98796
2011-10-28 Ryosuke Niwa
Potential crash in ReplaceNodeWithSpanCommand
https://bugs.webkit.org/show_bug.cgi?id=71145
Reviewed by Ojan Vafai.
Fix a potential crash without tests because we don't have a reduction.
* editing/ReplaceNodeWithSpanCommand.cpp:
(WebCore::swapInNodePreservingAttributesAndChildren):
2011-1-5 Lucas Forschler
Merge 98763
2011-10-28 Ken Buchanan
Crash when splitting inline flows with generated floats
https://bugs.webkit.org/show_bug.cgi?id=70458
Reviewed by David Hyatt.
When lineBoxes on a RenderBlock are being deleted, we now check the floating object list to
ensure references to them are being cleared.
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::deleteLineBoxTree): Remove references to lineBox when deleting them
2011-1-5 Lucas Forschler
Merge 98561
2011-10-27 Ken Buchanan
Crash due to nested first-letter selectors
https://bugs.webkit.org/show_bug.cgi?id=70457
Now only the lowest-level first-letter pseudostyle will be applied to
a given piece of text. Previously the last renderer to have layout
done would have its pseudostyle applied, no matter where it was in the
tree.
Reviewed by David Hyatt.
* renderer/RenderBlock.cpp:
(WebCore::RenderBlock::updateFirstLetter): Use the pseudostyle from
the lowest level node to have one
2011-1-5 Lucas Forschler
Merge 96294
2011-09-28 Dan Bernstein
first-letter after list marker not updated correctly
Reviewed by Simon Fraser.
Test: fast/dynamic/first-letter-after-list-marker.html
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::updateFirstLetter): Improved the logic for continuing past list markers
when trying to locate a first letter to update.
2011-1-5 Lucas Forschler
Merge 98374
2011-10-25 Chris Evans
Manage the CSS property array length correctly
https://bugs.webkit.org/show_bug.cgi?id=70783
Reviewed by Adam Barth.
* css/CSSParser.cpp:
(WebCore::CSSParser::addProperty): don't allow max length to get out of sync with the buffer.
2011-1-5 Lucas Forschler
Merge 98344
2011-10-25 Justin Schuh
Check for empty string in parseArcFlag
https://bugs.webkit.org/show_bug.cgi?id=70763
Reviewed by Dirk Schulze.
Test: svg/path-invalid.html
* svg/SVGParserUtilities.cpp:
(WebCore::parseArcFlag):
2011-1-5 Lucas Forschler
Merge 98033
2011-10-20 Julien Chaffraix
RenderDeprecatedFlexibleBox does not call its children's layout method
https://bugs.webkit.org/show_bug.cgi?id=64842
Reviewed by David Hyatt.
Tests: fast/flexbox/021-vertical.html
fast/flexbox/crash-flexbox-no-layout-child.html
The FlexBoxIterator would skip any child with visibility: collapsed. However those children
would need layout but their layout() function would never be called.
This change refactors the way flexible box handles visibility: collapsed children and makes sure
their layout() function is called but makes sure that they don't participate in the flex box
dimensions.
* rendering/RenderDeprecatedFlexibleBox.cpp:
(WebCore::FlexBoxIterator::next): Do not skip visibility: collapsed child.
(WebCore::childDoesNotAffectWidthOrFlexing): Helper function.
(WebCore::RenderDeprecatedFlexibleBox::calcHorizontalPrefWidths):
(WebCore::RenderDeprecatedFlexibleBox::calcVerticalPrefWidths):
(WebCore::gatherFlexChildrenInfo):
(WebCore::RenderDeprecatedFlexibleBox::layoutHorizontalBox):
(WebCore::RenderDeprecatedFlexibleBox::layoutVerticalBox):
(WebCore::RenderDeprecatedFlexibleBox::applyLineClamp):
(WebCore::RenderDeprecatedFlexibleBox::allowedChildFlex):
Updated to skip the now seen visibility: collapsed child during the
iteration.
2011-1-5 Lucas Forschler
Merge 98010
2011-10-20 Ken Buchanan
Crash in updateFirstLetter on :after generated content
https://bugs.webkit.org/show_bug.cgi?id=70031
Reviewed by David Hyatt.
Preventing findBeforeAfterParent() from returning a first-letter block and overwriting its style.
Instead, it returns the block's parent.
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::updateFirstLetter):
* rendering/RenderObjectChildList.cpp:
(WebCore::findBeforeAfterParent)
(WebCore::RenderObjectChildList::updateBeforeAfterContent): First-letter siblings now already have style applied, so this clause is redundant
2011-1-5 Lucas Forschler
Merge 97927
2011-10-19 Carol Szabo
CSS Counters have wrong values
https://bugs.webkit.org/show_bug.cgi?id=69605
Reviewed by Darin Adler.
Test: fast/css/counters/after-continuation.html
Added a new method for getting the renderer of the "after"
pseudo-element that handles continuations.
Hooked up the new method with the CSS counter code.
* rendering/RenderCounter.cpp:
(WebCore::rendererOfAfterPseudoElement):
(WebCore::previousInPreOrder):
(WebCore::nextInPreOrder):
* rendering/RenderObject.h:
2011-1-5 Lucas Forschler
Merge 97786
2011-10-18 Julien Chaffraix
Crash in RenderDeprecatedFlexibleBox::layoutHorizontalBox
https://bugs.webkit.org/show_bug.cgi?id=70183
Reviewed by David Hyatt.
Test: fast/flexbox/layoutHorizontal-crash.html
The deferred scroll information update logic was not updated when an object was destroyed.
The fix is very simple. As the deferred logic was only used with deprecated flexbox, it is a
pretty uncommon case so let's optimize the new code for the common case.
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::willBeDestroyed):
2011-1-5 Lucas Forschler
Merge 97502
2011-10-14 Simon Fraser
Web Inspector: WebProcess crashes hard when inspecting elements with border-images applied
https://bugs.webkit.org/show_bug.cgi?id=70105
Reviewed by Dave Hyatt.
Fix three different crashes related to getting computed style for border-image.
In both valueForNinePieceImageSlice() and valueForNinePieceImageQuad(),
assign 'right' to 'left' because we've computed a value for 'right' already.
Otherwise this would leave 'right' as null, causing later crashes in cssText().
In mapNinePieceImage(), borderImage->imageValue() can be null for a border-image
shorthand that is missing the image value.
Test: fast/css/getComputedStyle/computed-style-border-image.html
* css/CSSComputedStyleDeclaration.cpp:
(WebCore::valueForNinePieceImageSlice):
(WebCore::valueForNinePieceImageQuad):
* css/CSSStyleSelector.cpp:
(WebCore::CSSStyleSelector::mapNinePieceImage):
2011-1-5 Lucas Forschler
Merge 97402
2011-10-12 Abhishek Arya
Register custom fonts at their creation time,
rather than at retirement time.
https://bugs.webkit.org/show_bug.cgi?id=68929
Reviewed by Dan Bernstein.
Test: fast/text/custom-font-data-crash2.html
* css/CSSFontFace.cpp:
* css/CSSFontFace.h: remove function added in r94508,
which is no longer needed. We now register custom fonts
at creation time.
* css/CSSFontFaceSource.cpp:
(WebCore::CSSFontFaceSource::pruneTable): no longer need
to delete/retire font data here, it will be handled in ~Document.
(WebCore::CSSFontFaceSource::getFontData): register custom
font to document's m_customFonts.
* css/CSSFontSelector.cpp:
* css/CSSFontSelector.h: remove function added in r94508,
which is no longer needed. We now register custom fonts
at creation time.
* css/CSSSegmentedFontFace.cpp:
(WebCore::CSSSegmentedFontFace::pruneTable): no longer need
to delete/retire font data here, it will be handled in ~Document.
(WebCore::CSSSegmentedFontFace::getFontData): register custom
font to document's m_customFonts.
* dom/Document.cpp: Change function names to registerCustomFont,
deleteCustomFonts and local to m_customFont.
(WebCore::Document::~Document):
(WebCore::Document::recalcStyle): yanking out the comment. We
no longer keep retired custom fonts. We clear all custom fonts
on Document destruction.
(WebCore::Document::registerCustomFont):
(WebCore::Document::deleteCustomFonts):
* dom/Document.h:
2011-1-4 Lucas Forschler
Merge 97353
2011-10-13 Adam Barth
DOMWindow subobjects can be re-created after navigation
https://bugs.webkit.org/show_bug.cgi?id=68849
Reviewed by Sam Weinig.
Test: http/tests/security/xss-DENIED-getSelection-from-inactive-domwindow.html
* page/DOMWindow.cpp:
(WebCore::DOMWindow::~DOMWindow):
- Add ASSERTs to show that we're not recreating these objects.
- Add a call to clear() as defense in depth in case we have any of
these objects hanging around.
(WebCore::DOMWindow::clear):
- Clear out a couple of objects that weren't getting cleared.
These are actually not likely to cause problems, but clearing
them out is the safe thing to do.
(WebCore::DOMWindow::isActive):
- Add a concept of whether the DOMWindow is "active" in its frame.
We had this concept in a couple places already, but centralizing
it into a helper function makes it easier to use and talk about.
(WebCore::DOMWindow::orientation):
- Whitespace nit.
(WebCore::DOMWindow::screen):
(WebCore::DOMWindow::history):
(WebCore::DOMWindow::crypto):
(WebCore::DOMWindow::locationbar):
(WebCore::DOMWindow::menubar):
(WebCore::DOMWindow::personalbar):
(WebCore::DOMWindow::scrollbars):
(WebCore::DOMWindow::statusbar):
(WebCore::DOMWindow::toolbar):
(WebCore::DOMWindow::console):
(WebCore::DOMWindow::applicationCache):
(WebCore::DOMWindow::navigator):
(WebCore::DOMWindow::performance):
(WebCore::DOMWindow::location):
(WebCore::DOMWindow::sessionStorage):
(WebCore::DOMWindow::localStorage):
(WebCore::DOMWindow::webkitNotifications):
(WebCore::DOMWindow::webkitIndexedDB):
(WebCore::DOMWindow::getSelection):
(WebCore::DOMWindow::styleMedia):
(WebCore::DOMWindow::webkitURL):
(WebCore::DOMWindow::webkitStorageInfo):
- Avoid creating these objects when we're not active. That can
only lead to sadness.
(WebCore::DOMWindow::webkitRequestFileSystem):
(WebCore::DOMWindow::webkitResolveLocalFileSystemURL):
(WebCore::DOMWindow::openDatabase):
(WebCore::DOMWindow::postMessage):
- While not technically creating subobjects, these functions also
seem unwise when the DOMWindow is inactive.
(WebCore::DOMWindow::find):
(WebCore::DOMWindow::length):
(WebCore::DOMWindow::getMatchedCSSRules):
- These functions operate on the active Document. When we're not
active, that's not us!
(WebCore::DOMWindow::document):
- Update to use the new concept of being active rather than having
this function roll its own implementation.
(WebCore::DOMWindow::webkitConvertPointFromNodeToPage):
(WebCore::DOMWindow::webkitConvertPointFromPageToNode):
(WebCore::DOMWindow::scrollBy):
(WebCore::DOMWindow::scrollTo):
- These functions also look unwise to run when inactive because
they're reading information from the active document.
- I added a RefPtr for node because the call to
updateLayoutIgnorePendingStylesheets() seems likely to be able to
run script somehow.
(WebCore::DOMWindow::addEventListener):
(WebCore::DOMWindow::removeEventListener):
(WebCore::DOMWindow::dispatchLoadEvent):
(WebCore::DOMWindow::dispatchEvent):
- I don't think these functions worked when inactive anyway, but
explicitly blocking them seems wise.
(WebCore::DOMWindow::setLocation):
(WebCore::DOMWindow::isInsecureScriptAccess):
(WebCore::DOMWindow::open):
(WebCore::DOMWindow::showModalDialog):
- These already have checks for being active, but it can't hurt to
be explicit at the top of the function.
* page/DOMWindow.h:
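The guard described in the entry above, as an added example that is not WebKit's code: a stale window reference keeps working after navigation unless each accessor checks for activity first. `Frame`, `Window`, `Selection` and the definition of "active" used here are assumptions made for illustration.

```cpp
#include <cstdio>
#include <memory>

// Hypothetical stand-ins for illustration; these are not WebKit's classes.
struct Window;
struct Frame { Window* current = nullptr; };  // the window the frame displays now
struct Selection { Frame* frame; };            // acts on the frame's current document

struct Window {
    explicit Window(Frame* f) : m_frame(f) {}

    // Assumption: "active" means the frame currently displays this window.
    bool isActive() const { return m_frame && m_frame->current == this; }

    // Unguarded accessor: lazily re-creates the subobject even after navigation,
    // so a stale window obtains a Selection tied to the frame's new content.
    Selection* getSelectionUnguarded() {
        if (!m_selection) m_selection.reset(new Selection{m_frame});
        return m_selection.get();
    }

    // Guarded accessor: an inactive window never creates or returns the subobject.
    Selection* getSelection() {
        if (!isActive()) return nullptr;
        if (!m_selection) m_selection.reset(new Selection{m_frame});
        return m_selection.get();
    }

    void clear() { m_selection.reset(); }  // drop cached subobjects on navigation

private:
    Frame* m_frame;
    std::unique_ptr<Selection> m_selection;
};

// Navigation: the old window is cleared, but script may still hold a reference to it.
std::unique_ptr<Window> navigate(Frame& frame, Window& old) {
    old.clear();
    std::unique_ptr<Window> next(new Window(&frame));
    frame.current = next.get();
    return next;
}

int main() {
    Frame frame;
    std::unique_ptr<Window> first(new Window(&frame));
    frame.current = first.get();
    std::unique_ptr<Window> second = navigate(frame, *first);
    std::printf("guarded: %p, unguarded: %p\n",
                (void*)first->getSelection(), (void*)first->getSelectionUnguarded());
    return 0;
}
```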
2011-1-4 Lucas Forschler
Merge 97270
2011-10-12 Sergey Glazunov
ScriptController::executeIfJavaScriptURL gets confused by synchronous frame loads
https://bugs.webkit.org/show_bug.cgi?id=69777
Reviewed by Adam Barth.
Test: http/tests/security/xss-DENIED-synchronous-frame-load-in-javascript-url.html
* bindings/ScriptControllerBase.cpp:
(WebCore::ScriptController::executeIfJavaScriptURL):
* loader/DocumentWriter.cpp:
(WebCore::DocumentWriter::replaceDocument):
(WebCore::DocumentWriter::begin):
* loader/DocumentWriter.h:
2011-1-4 Lucas Forschler
Merge 97180
2011-10-11 Abhishek Arya
Generalize r95461 change to include table-cell and
allow splitting between :before, :after content.
https://bugs.webkit.org/show_bug.cgi?id=69854
Reviewed by Eric Seidel.
Test: fast/table/table-row-before-after-content-around-table-cell.html
* rendering/RenderObject.cpp:
(WebCore::RenderObject::addChild):
2012-01-04 Oliver Hunt
Merge r94457
2011-08-30 Matthew Delaney
Read out of bounds in sUnpremultiplyData_RGBA8888 / ImageBufferData::getData
https://bugs.webkit.org/show_bug.cgi?id=65352
Reviewed by Simon Fraser.
New test: fast/canvas/canvas-getImageData-large-crash.html
This patch prevents overflows from happening in getImageData, createImageData, and canvas creation
calls that specify widths and heights that end up overflowing the ints that we store those values in
as well as derived values such as area and maxX / maxY of the bounding rects involved. Overflow of integer
arithmetic is detected via the use of the new Checked type that was introduced in r94207.
* html/HTMLCanvasElement.cpp:
(WebCore::HTMLCanvasElement::convertLogicalToDevice): Removed dependency on ints, using FloatRects/Sizes instead.
(WebCore::HTMLCanvasElement::createImageBuffer): Moved the check for max canvas area and dimensions here.
Added in check that prevents us from having canvases of sizes that will cause overflows.
(WebCore::HTMLCanvasElement::baseTransform): Updated use of convertLogicalToDevice.
* html/HTMLCanvasElement.h: Updated method signatures.
* html/canvas/CanvasRenderingContext2D.cpp:
(WebCore::createEmptyImageData): Added in check to prevent creating ImageData objects that will cause overflow when computing their size.
(WebCore::CanvasRenderingContext2D::createImageData): Avoid creating ImageData objects of size that will overflow later.
(WebCore::CanvasRenderingContext2D::getImageData): Added in check to prevent trying to get ImageData objects that will cause overflow when computing their size.
* platform/graphics/FloatRect.cpp:
(WebCore::FloatRect::isExpressibleAsIntRect): New method that tests whether a FloatRect can become an IntRect without overflow or having to be clamped.
* platform/graphics/FloatRect.h:
* platform/graphics/FloatSize.cpp:
(WebCore::FloatSize::isExpressibleAsIntSize): Same as FloatRect, but for FloatSize->IntSize.
* platform/graphics/FloatSize.h:
* platform/graphics/cg/ImageBufferCG.cpp: Added check for overflow.
(WebCore::ImageBuffer::ImageBuffer):
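The overflow check described in the entry above, as an added example that is not WebKit's code: the byte length of an RGBA8888 buffer is computed with every intermediate value checked, next to the unchecked product that wraps. `checkedMul`, `expressibleAsInt` and `rgbaByteLength` are hypothetical names standing in for the Checked type and the isExpressibleAsIntSize test the entry mentions.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <limits>

// Hypothetical helpers for illustration; not WebKit's Checked type or FloatSize API.

// Multiply two non-negative ints; report overflow instead of wrapping.
static bool checkedMul(int32_t a, int32_t b, int32_t& out) {
    int64_t wide = static_cast<int64_t>(a) * static_cast<int64_t>(b);
    if (wide < 0 || wide > std::numeric_limits<int32_t>::max())
        return false;
    out = static_cast<int32_t>(wide);
    return true;
}

// A float dimension is usable only if converting it to int needs no clamping:
// finite, non-negative, and below 2^31.
static bool expressibleAsInt(float v) {
    return std::isfinite(v) && v >= 0.0f
        && v < static_cast<float>(std::numeric_limits<int32_t>::max());
}

// Byte length of an RGBA8888 buffer, or false when the dimensions, the area,
// or area * 4 would not fit in a 32-bit int.
bool rgbaByteLength(float width, float height, int32_t& bytes) {
    if (!expressibleAsInt(width) || !expressibleAsInt(height))
        return false;
    int32_t area = 0;
    if (!checkedMul(static_cast<int32_t>(width), static_cast<int32_t>(height), area))
        return false;
    return checkedMul(area, 4, bytes);
}

// The unchecked computation for comparison: the product wraps modulo 2^32.
uint32_t uncheckedByteLength(uint32_t width, uint32_t height) {
    return width * height * 4u;
}

int main() {
    int32_t bytes = 0;
    std::printf("100x50 ok=%d\n", rgbaByteLength(100.0f, 50.0f, bytes));
    std::printf("65536x65536 ok=%d unchecked=%u\n",
                rgbaByteLength(65536.0f, 65536.0f, bytes),
                uncheckedByteLength(65536u, 65536u));
    return 0;
}
```

A 65536 x 65536 request makes the unchecked length wrap to 0, so a later per-pixel loop over the requested dimensions would run past a buffer sized from that length; the checked path rejects the request instead.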
2011-1-4 Lucas Forschler
Merge 97124
2011-10-10 Abhishek Arya
Style not updated on text fragment in :first-letter
nested in :before table.
https://bugs.webkit.org/show_bug.cgi?id=69540
Reviewed by Dan Bernstein.
Test: fast/css-generated-content/first-letter-in-nested-before-table.html
* rendering/RenderObjectChildList.cpp:
(WebCore::RenderObjectChildList::updateBeforeAfterContent):
2011-1-4 Lucas Forschler
Merge 97114
2011-10-10 Dan Bernstein
Duplicate ::after content when both ::before and ::after are styled as table parts
Reviewed by Sam Weinig.
Test: fast/css-generated-content/table-parts-before-and-after.html
* rendering/RenderObject.cpp:
(WebCore::RenderObject::addChild): Prevented table part children after a ::before table from being merged
into it.
* rendering/RenderTable.cpp:
(WebCore::RenderTable::addChild): Prevented children after a ::before table section from being merged
into it.
2011-1-4 Lucas Forschler
Merge 97075
2011-10-10 Abhishek Arya
Style for updated due to inability to locate
:before content in presence of listmarkers and runins.
https://bugs.webkit.org/show_bug.cgi?id=68624
Reviewed by Dan Bernstein.
Tests: fast/lists/inline-before-content-after-list-marker.html
fast/runin/runin-between-list-marker-and-before-content.html
fast/runin/runin-into-div-with-float-child.html
fast/runin/runin-not-go-into-float.html
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::handleRunInChild): Fix as per spec that
we should not be skipping over floating/positioned renderers to
push runins into neighbouring block. This matches Opera renderings.
* rendering/RenderObject.cpp: Add const to parameter variable
to make call from beforePseudoElementRenderer easier. Also matches
CounterNode.h definition.
(WebCore::RenderObject::nextInPreOrder):
(WebCore::RenderObject::nextInPreOrderAfterChildren):
* rendering/RenderObject.h: Same const addition.
* rendering/RenderObjectChildList.cpp:
(WebCore::RenderObjectChildList::beforePseudoElementRenderer):
Remove skipping of floating/positioned renderers, similar to
handleRunIn. Revert code change in r94857 and add better next
sibling iterator. This addresses the layouttest in r94857 where
:before content is in its own anonymous rendertable.
2011-1-4 Lucas Forschler
Merge 97074
2011-10-10 Abhishek Arya
Handle insertion into an anonymous table part that
is followed by a non-anonymous block correctly.
https://bugs.webkit.org/show_bug.cgi?id=69536
Reviewed by Dan Bernstein.
Tests: fast/table/table-insert-before-non-anonymous-block.html
* rendering/RenderTable.cpp:
(WebCore::RenderTable::addChild):
* rendering/RenderTableRow.cpp:
(WebCore::RenderTableRow::addChild):
* rendering/RenderTableSection.cpp:
(WebCore::RenderTableSection::addChild):
(WebCore::RenderTableSection::splitColumn):
2011-1-4 Lucas Forschler
Merge 96999
2011-10-07 Justin Schuh
Make isXMLMIMEType regex use TLS
https://bugs.webkit.org/show_bug.cgi?id=69665
Reviewed by Adam Barth.
Test: fast/workers/worker-multi-startup.html
* dom/DOMImplementation.cpp:
(WebCore::XMLMIMETypeRegExp::XMLMIMETypeRegExp):
(WebCore::XMLMIMETypeRegExp::~XMLMIMETypeRegExp):
(WebCore::XMLMIMETypeRegExp::isXMLMIMEType):
(WebCore::DOMImplementation::isXMLMIMEType):
* dom/DOMImplementation.h:
* platform/ThreadGlobalData.cpp:
(WebCore::ThreadGlobalData::ThreadGlobalData):
(WebCore::ThreadGlobalData::destroy):
* platform/ThreadGlobalData.h:
(WebCore::ThreadGlobalData::xmlTypeRegExp):
2011-1-4 Lucas Forschler
Merge 96984
2011-10-07 Sergey Glazunov
XSLT-generated document should inherit its SecurityOrigin from the source document
https://bugs.webkit.org/show_bug.cgi?id=69661
Reviewed by Adam Barth.
Test: http/tests/security/xss-DENIED-xsl-document-securityOrigin.xml
* xml/XSLTProcessor.cpp:
(WebCore::XSLTProcessor::createDocumentFromSource):
2011-1-4 Lucas Forschler
Merge 96868
2011-10-06 Abhishek Arya
Crash in VisiblePosition::canonicalPosition.
https://bugs.webkit.org/show_bug.cgi?id=69568
Reviewed by Ryosuke Niwa.
Move the position's containerNode calculation after layout is
complete (in updateLayoutIgnorePendingStylesheets).
Test: editing/selection/selection-plugin-clear-crash.html
* editing/VisiblePosition.cpp:
(WebCore::VisiblePosition::canonicalPosition):
2011-1-4 Lucas Forschler